User
Digital representation of a person, system, or service who uses
OpenStack cloud services. The Identity service validates that incoming
requests are made by the user who claims to be making the call.
Users have a login and may be assigned tokens to access resources.
Users can be directly assigned to a particular tenant and behave as if
they are contained in that tenant.
This can be understood as a user, a system, or a service.
Credentials
Data that confirms the user's identity. For example: user name and
password, user name and API key, or an authentication token provided
by the Identity Service.
This can be understood as credentials: a user name and password, a user name and API key, or a token issued by the Identity service.
Authentication
The process of confirming the identity of a user. OpenStack Identity
confirms an incoming request by validating a set of credentials supplied
by the user.
These credentials are initially a user name and password, or a user
name and API key. When user credentials are validated, OpenStack
Identity issues an authentication token which the user provides in
subsequent requests.
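This can be understood as the process of authenticating a user. The user sends a set of credentials to OpenStack for authentication.
The credentials are initially a user name and password, or a user name and API key. If the credentials are valid, OpenStack
issues an authentication token to the user, and the user uses this authentication token to
make subsequent requests.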
Token
An alpha-numeric string of text used to access OpenStack APIs and
resources. A token may be revoked at any time and is valid for a finite
duration. While OpenStack Identity supports token-based authentication in
this release, the intention is to support additional protocols in the future.
Its main purpose is to be an integration service, and not aspire
to be a full-fledged identity store and management solution.
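This can be understood as a token issued by the Identity server; a user needs a token to access APIs and resources.
The token can be revoked at any time, and it can also be set to be valid for a period of time.
Additional protocols will be supported in the future. Keystone's main purpose is to be an integration service, not to aspire to be a complete
identity store and management solution.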
Tenant
A container used to group or isolate resources. Tenants also group
or isolate identity objects. Depending on the service operator, a tenant
may map to a customer, account, organization, or project.
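A tenant can be understood as a container that groups or isolates resources and identity objects. Depending on the service operator,
the container may map to a user, account, organization, or project.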
Service
An OpenStack service, such as Compute (nova), Object Storage
(swift), or Image service (glance). It provides one or more endpoints
through which users can access resources and perform operations.
This can be understood as an OpenStack service; the service can be accessed through one or more endpoints to perform the related operations.
Endpoint
A network-accessible address where you access a service, usually a
URL address. If you are using an extension for templates, an endpoint
template can be created, which represents the templates of all
the consumable services that are available across the regions.
Role
A personality with a defined set of user rights and privileges to perform
a specific set of operations.
Keystone Client
A command line interface for the OpenStack Identity API. For example,
users can run the keystone service-create and keystone endpoint-create
commands to register services in their OpenStack installations.
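
The terms above fit together as one flow: credentials are validated, a tenant-scoped token is issued, and that token is checked for revocation, expiry and role on later requests. The following Python model is an added example, not Keystone's code or API; the class `IdentityService`, its method names and the password-hashing choice (PBKDF2) are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

class IdentityService:
    """In-memory model of the glossary terms (hypothetical, not Keystone)."""
    def __init__(self, token_ttl=3600):
        self.users = {}    # user name -> (salt, password hash)
        self.roles = {}    # (user name, tenant) -> set of role names
        self.tokens = {}   # token id -> (user name, tenant, expiry time)
        self.token_ttl = token_ttl

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def add_user(self, name, password):
        salt = secrets.token_bytes(16)
        self.users[name] = (salt, self._hash(password, salt))

    def grant(self, name, tenant, role):
        self.roles.setdefault((name, tenant), set()).add(role)

    def authenticate(self, name, password, tenant, now=None):
        """Validate credentials; return a tenant-scoped token or None."""
        now = time.time() if now is None else now
        salt, stored = self.users.get(name, (b"\0" * 16, b""))  # dummy for unknown user
        ok = hmac.compare_digest(self._hash(password, salt), stored)
        if not ok or (name, tenant) not in self.roles:
            return None
        token = secrets.token_hex(16)  # alphanumeric and unguessable
        self.tokens[token] = (name, tenant, now + self.token_ttl)
        return token

    def revoke(self, token):
        self.tokens.pop(token, None)

    def authorize(self, token, tenant, role, now=None):
        """Check a token presented on a later request."""
        now = time.time() if now is None else now
        entry = self.tokens.get(token)
        if entry is None:
            return False  # unknown or revoked token
        name, scoped_tenant, expires = entry
        if now >= expires:
            self.tokens.pop(token, None)  # tokens are valid for a finite duration
            return False
        return scoped_tenant == tenant and role in self.roles.get((name, tenant), set())
```
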